Hide files/folders from EFT Server users based on NTFS Permissions


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server Enterprise version 6.1 and later installed on Windows 2008 R2

DISCUSSION

A very common request is for EFT Server to hide folders/files from users that they do not have permissions to access through an AD-authenticated Site. This is easily accomplished on a GSAUTH Site or an LDAP Site, because EFT Server manages all of the permissions. However, with AD authentication, EFT Server relies on the response from the NTFS permissions. NTFS, by default, does not natively have the ability to hide these files on local directories; however, in Windows Server 2008, you can work around this by enabling Access Based Enumeration (ABE.)

Information about ABE can be found on Microsoft’s website, but for the purposes of this article, we provide only the instructions on how to set it up for EFT Server.

To hide files/folders from EFT Server users based on NTFS Permissions

  1. Create a Windows share to the Site's root directory that you want the Site in EFT Server to use (\\servername\adauth).
  2. Enable SMB Protocol for the share.
  3. When configuring SMB Settings, under the Advanced section, on the User Limits tab, select the Enable access-based enumeration (ABE) check box, then click OK.
  4. When prompted for permissions, click Administrators have Full Control; all other users and groups have only Read access and Write access.
  5. Continue with the remaining options at your discretion to complete the Share setup.
  6. Open the EFT Server administration interface.
  7. Click (or create) the Site you want to use and configure the Site root to use \\loclahost\(sharename).